move cert questions up

2025-02-22 02:51:33 +01:00 · 2018-03-29 13:43:52 -04:00 · 2018-03-29 13:43:52 -04:00 · 05d00517ee
commit 05d00517ee
parent f3904de2bc
2 changed files with 21 additions and 26 deletions
--- a/util/Setup/NginxConfigBuilder.cs
+++ b/util/Setup/NginxConfigBuilder.cs
@ -5,6 +5,7 @@ namespace Bit.Setup
 {
    public class NginxConfigBuilder
    {
+        private const string ConfFile = "/bitwarden/nginx/default.conf";
        private const string SslCiphers =
            "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:" +
            "DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:" +
@ -12,13 +13,16 @@ namespace Bit.Setup
            "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:" +
            "AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";

-        public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt)
+        public NginxConfigBuilder(string domain, string url, bool ssl, bool selfSignedSsl, bool letsEncrypt,
+            bool trusted, bool diffieHellman)
        {
            Domain = domain;
            Url = url;
            Ssl = ssl;
            SelfSignedSsl = selfSignedSsl;
            LetsEncrypt = letsEncrypt;
+            Trusted = trusted;
+            DiffieHellman = diffieHellman;
        }

        public NginxConfigBuilder(string domain, string url)
@ -37,35 +41,15 @@ namespace Bit.Setup

        public void BuildForInstaller()
        {
-            if(Ssl && !SelfSignedSsl && !LetsEncrypt)
-            {
-                Console.Write("(!) Use Diffie Hellman ephemeral parameters for SSL (requires dhparam.pem)? (y/n): ");
-                DiffieHellman = Console.ReadLine().ToLowerInvariant() == "y";
-            }
-            else
-            {
-                DiffieHellman = LetsEncrypt;
-            }
-
-            if(Ssl && !SelfSignedSsl && !LetsEncrypt)
-            {
-                Console.Write("(!) Is this a trusted SSL certificate (requires ca.crt)? (y/n): ");
-                Trusted = Console.ReadLine().ToLowerInvariant() == "y";
-            }
-            else
-            {
-                Trusted = LetsEncrypt;
-            }
-
            Build();
        }

        public void BuildForUpdater()
        {
-            if(File.Exists("/bitwarden/nginx/default.conf"))
+            if(File.Exists(ConfFile))
            {
-                var confContent = File.ReadAllText("/bitwarden/nginx/default.conf");
-                Ssl = confContent.Contains("listen 8081 ssl http2;") || confContent.Contains("listen 443 ssl http2;");
+                var confContent = File.ReadAllText(ConfFile);
+                Ssl = confContent.Contains("ssl http2;");
                SelfSignedSsl = confContent.Contains("/etc/ssl/self/");
                LetsEncrypt = !SelfSignedSsl && confContent.Contains("/etc/letsencrypt/live/");
                DiffieHellman = confContent.Contains("/dhparam.pem;");
@ -86,7 +70,7 @@ namespace Bit.Setup
            var caFile = LetsEncrypt ? "fullchain.pem" : "ca.crt";

            Console.WriteLine("Building nginx config.");
-            using(var sw = File.CreateText("/bitwarden/nginx/default.conf"))
+            using(var sw = File.CreateText(ConfFile))
            {
                sw.WriteLine($@"# Config Parameters
 # Parameter:Ssl={Ssl}
--- a/util/Setup/Program.cs
+++ b/util/Setup/Program.cs
@ -86,6 +86,16 @@ namespace Bit.Setup
            var selfSignedSsl = certBuilder.BuildForInstall();
            ssl = certBuilder.Ssl; // Ssl prop can get flipped during the build

+            var sslTrusted = letsEncrypt;
+            var sslDiffieHellman = letsEncrypt;
+            if(ssl && !selfSignedSsl && !letsEncrypt)
+            {
+                Console.Write("(!) Use Diffie Hellman ephemeral parameters for SSL (requires dhparam.pem)? (y/n): ");
+                sslDiffieHellman = Console.ReadLine().ToLowerInvariant() == "y";
+                Console.Write("(!) Is this a trusted SSL certificate (requires ca.crt)? (y/n): ");
+                sslTrusted = Console.ReadLine().ToLowerInvariant() == "y";
+            }
+
            var url = $"https://{domain}";
            Console.Write("(!) Do you want to use the default ports for HTTP (80) and HTTPS (443)? (y/n): ");
            var defaultPorts = Console.ReadLine().ToLowerInvariant() == "y";
@ -155,7 +165,8 @@ namespace Bit.Setup
            Console.Write("(!) Do you want to use push notifications? (y/n): ");
            var push = Console.ReadLine().ToLowerInvariant() == "y";

-            var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt);
+            var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt,
+                sslTrusted, sslDiffieHellman);
            nginxBuilder.BuildForInstaller();

            var environmentFileBuilder = new EnvironmentFileBuilder